Job
Description
CISO Analyst/Support Agent (GCC) As a CISO Analyst/Support Agent you are responsible for helping setting up and maintaining the Third Party Cyber Risk Management (TPCRM) and Client Information Security, Tendering, Onboarding & Support (CISTOS) services. You are supporting the wider IS GRC team with related requests, in an effort to improve the Randstad security posture. In this role you are the First Point of Contact (FPoC) for day-to-day activities in the TPCRM process, as well as for client inquiries around Randstads security posture. You will be performing administrative tasks (e.g responding to emails and inquiries, creating dashboards and reports, working on documentation etc.), as well as operational ones (e.g. reviewing related inquiries). Your main collaborators are the TPRM, DP and Legal functions, as well as the client-facing side of Randstad (e.g. Randstad Sourceright, local markets). Your responsibilities - CISTOS Analyst/Support Agent Process: Support with the creation of the information security knowledge database: collect, populate and update questionnaire foundation; Be the first point of contact for client requests and inquiries (general questions, intake forms, information requests); Act as a liaison with the Randstad GRC team (Yannis) for level 2 support (e.g. for elaborate client requests and anything outside Business as Usual (BAU) requests); Escalate unresolved/high criticality issues to the Randstad GRC team (GRC team, or supporting market lead); Maintain information materials; Support with client audits (onsite & on-screen sessions) - no physical attendance/travel required; Play an active role in further improving the CISTOS service by being an engaged and critically-thinking stakeholder; OPTIONAL - Support with the setup/integration of Confluence and Connect for the Client Information Security Tendering, Onboarding and Support (CISTOS) service Reports: Maintain a thorough risk register and create dashboards and reports to capture various client requests Populate the register & tracker for continuous monitoring of CISTOS service and SLA adherence Create & maintain monthly reports on request status, volume of inquiries etc Your responsibilities - TPCRM Analyst/Support Agent Process: Approve, within the given mandate, all tier 2-4 Vendor assessments. Advice Global TPCRM and Global DPO on tier 1 Vendor assessments. Collect and evaluate latest Vendor Assurance documents (ISO 27001 certificates and SOC2 statements, tier 1-2) and store them. Escalate high risks to Global TPCRM and Global DPO Launch relevant Vendor assessments (internal and external) Support business departments (Global and OPCOs) and Vendors filling in Vendor assessments Reports: Monthly reporting on Key Performance Indicators (KPI) Reports on Vendor risks, threats or findings With whom you will be working? This role is positioned under the Global CISO Office, in which teams with different areas of expertise work on a safer Randstad. For example, the GRC team, Operations & Intelligence, Data Security, Application security and Security Engineering are part of the CISO Office. The goal of the CISO Office is to guard and constantly improve our security posture worldwide to protect Randstad against cyber threats from inside and outside. We work very closely together with our colleagues in the Global Data Protection team. About you We are looking for an experienced, enthusiastic hands-on professional who acts proactively to ensure that everything runs smoothly. You have an affinity with privacy, security, procurement, supplier management and process optimization and you monitor the quality and effectiveness of the CISTOS process. You have excellent communication skills, produce tasks and work with a structured process, are a real team player, but also perfectly capable of working independently to operate. We are looking for someone with the following qualities: Higher education (bachelor at minimum) on information security or relevant field Knowledge of GDPR/privacy legislation Affinity with privacy & security: advanced knowledge of information security and privacy Pragmatic, client and solution-oriented Organizational awareness Proactive, assertive and able to work independently Social / communicative skills, easily establishes contact with various people on different levels Analytical - pays close attention to detail Fluent English, verbal and written It is an advantage if you have knowledge of the OneTrust application and/or ServiceNow, as well as the Google suite (Sheets, Docs, Slides), PowerBI and Jira/Confluence
